We're using Apaches(2.2.4) mod_proxy and mod_proxy_balancer to loadbalance
Tomcats(5.5) using mod_proxy_ajp, and found a problem getting both cookie-
based and url-rewriting based session-ids to be 'sticky' for
mod_proxy_balancer.
The Servlet Spec(see i.e.:
http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ ), in section 7,
binds Servlet Containers to use an uppercase param 'JSESSIONID' to hold the
sessionid in cookies, but a lowercase 'jsessionid' if using url-rewriting(used
when cookies are disabled). And thats exactly what the Tomcats do.
Now, if we have defined stickysession to be 'JSESSIONID' in the ProxyPass
directive, i.e. like this:
ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=JSESSIONID
we observe the stickysession feature to work with cookies, but not with url-
rewriting.
If we define stickysession to use the lowercase variant, like this:
ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=jsessionid
it's just the other way round: url-rewriting is working, but cookies are not.
mod_proxy_balancer uses the value stickysession is set to in a case-sensitive
way for both cookie-based and url-based session-ids, thus being unable to cope
with the different cases of 'jsessionid' defined as mandatory by the Servlet
Spec. This can be seen in the mod_proxy_balancer.c source in get_path_param()
and get_cookie_param().
What we did to circumvent the problem was to patch mod_proxy_balancer.c like
this:
--------------------------
--- mod_proxy_balancer.c.ORIG 2005-11-10 16:20:05.000000000 +0100
+++ mod_proxy_balancer.c 2006-01-31 18:03:56.000000000 +0100
@@ -111,9 +111,17 @@
const char *name)
{
char *path = NULL;
+ char *session_id = NULL;
+ int i;
+ session_id= apr_pstrdup(pool, name);
+ /* Change 'JSESSIONID' to 'jsessionid' to match the value in the url */
+ if (isupper(name[0])) {
+ for (i=0;i<=strlen(session_id);i++)
+ session_id[i] = tolower(session_id[i]);
+ }
- for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
- path += (strlen(name) + 1);
+ for (path = strstr(url, session_id); path; path = strstr(path + 1,
session_id)) {
+ path += strlen(session_id);
if (*path == '=') {
/*
* Session path was found, get it's value
--------------------------
(found here: http://mail-archives.apache.org/mod_mbox/httpd-users/200603.mbox/%
3c9B4E37DCB8D57D408FF960B536F0E5274330E6@ms01012.avinci.de%3e )
Although that fixed the problem for us, I do not request to apply exactly this
patch to the mod_proxy_balancer.c source(because it's rude in a way that it
only looks for the lowercase identifier in the URL if an uppercase one is
configured), but I think mod_proxy_balancer.c has to be changed so that either:
- it is handling the stickysession identifier in an overall case-insensitive
way, or at least
- it could additionally look for the lowercase variant in get_path_param(), if
an uppercase one is configured and not found in the URL

This is ASF Bugzilla: the Apache Software Foundation bug system. In case
of problems with the functioning of ASF Bugzilla, please contact
bugzilla-admin@apache.org.
Please Note: this e-mail address is only for reporting problems
with ASF Bugzilla. Mail about any other subject will be silently
ignored.